Approches formelles de mise en oeuvre de politiques de contrôle d'accès pour des applications basées sur une architecture orientée services

Abstract : Nowadays information systems are, more than ever, available through Web browsers. Therefore, they become vulnerable against attack, which has made security an important issue for public and private organizations. This thesis examines in depth one aspect of information system security, namely functional security through access-control policy enforcement, when such systems are implemented in a service-oriented architecture framework. The foundation of the proposed solution is a generic model that introduces essential concepts to design enforcement managers for access-control policies and clearly separates responsibilities between the information system and access control mechanisms. Instantiation of this model results in a general framework, which encompasses many components including a dynamic access-control filter. This thesis also presents two systematic implementation methods for the dynamic access-control filter from policies expressed in ASTD, a formal and graphical notation based on statecharts enriched with process algebra operators. The ASTD notation is more expressive than the RBAC standard and its extensions, the widely used solution in software engineering. The first method is based on the transformation of access-control policies, instantiated from ASTD patterns, into BPEL processes. The second method is based on the interpretation of ASTD specifications by BPEL processes. In these two cases, the BPEL processes are deployed and executed in a BPEL engine, and interact with the information system. Both methods allow for automatic implementation of an enforcement framework from the initial specification. Finally, prototypes have been developed to illustrate both methods and show their feasibility at the functional level and their performance
Document type :
Theses
Complete list of metadatas

Cited literature [30 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-00802383
Contributor : Abes Star <>
Submitted on : Tuesday, March 19, 2013 - 5:17:20 PM
Last modification on : Wednesday, September 4, 2019 - 1:52:06 PM
Long-term archiving on : Thursday, June 20, 2013 - 10:15:59 AM

File

TH2012PEST1076_complete.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-00802383, version 1

Collections

Citation

Michel Embe Jiague. Approches formelles de mise en oeuvre de politiques de contrôle d'accès pour des applications basées sur une architecture orientée services. Autre [cs.OH]. Université Paris-Est, 2012. Français. ⟨NNT : 2012PEST1076⟩. ⟨tel-00802383⟩

Share

Metrics

Record views

762

Files downloads

2484